FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

perl5 -- taint mechanism bypass vulnerability

Affected packages
perl5 < 5.18.4_21
5.20.0 <= perl5 < 5.20.3_12
5.22.0 <= perl5 < 5.22.1_8
5.18.0 <= perl5.18 < 5.18.4_21
5.20.0 <= perl5.20 < 5.20.3_12
5.22.0 <= perl5.22 < 5.22.1_8
0 <= perl

Details

VuXML ID d9f99491-1656-11e6-94fa-002590263bf5
Discovery 2016-04-08
Entry 2016-05-10
Modified 2016-08-22

MITRE reports:

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

References

CVE Name CVE-2016-2381
FreeBSD PR ports/208879